Topic last updated—November 2007

What’s the difference between Active Directory System Discovery and Active Directory System Group Discovery?

Active Directory System Discovery retrieves details about the computer, such as computer name, Active Directory container name, IP address, and Active Directory site. It generates a data discovery record (DDR) for each computer it discovers in Active Directory Domain Services.

Active Directory System Group Discovery works only for systems that are already discovered and assigned to the local primary site and any direct child secondary sites. Active Directory System Group Discovery is not available for secondary sites. If a resource has been discovered and is assigned to the site, Active Directory System Group Discovery extends other discovery methods by retrieving details such as organizational unit, global groups, universal groups, and nested groups. Active Directory System Group Discovery cannot discover a computer that has not already been discovered by another method.

How do I discover user groups in Active Directory?

The Active Directory User Discovery method discovers users and the user groups of which they are members.

How can I use Configuration Manager to determine the OU that a computer is a member of?

You need to configure Active Directory System Group Discovery and have it perform a discovery cycle. To force a discovery cycle, in the Active Directory System Group Discovery Properties dialog box, click the Polling tab and then select Run discovery as soon as possible to report the OUs and containers the client is a member of. When this data has been added to the site database, you can create queries and collections using that data. Use the System Container Name or System OU Name attributes from the System Resource class.

See Also